Month: March 2009

Nagios is an open source host, service and network monitoring program. The official homepage is http://nagios.org/, and i use it with cacti to monitor my network.
Nagios sends you an alert via email, sms when a service is down, the sms solution is very usefull when your smtp server is unreachable.
You can drive a GSM mobile by your favorite operating system. With an usb data cable connect it to your monitoring server.
On debian there are a too packages for communicating with mobile phones (gnokii and gsm-utils), at first we’ll use gsm-utils you can get it like:$ sudo apt-get install gsm-utils
Verify first that your GSM is connected to your server$ sudo ls -al /dev/ttyUSB*
You can now test it by sending a sms to your mobile number +3299999999.$ sudo gsmsendsms -d /dev/ttyUSB0 +3299999999 “Nagios – Test SMS OK”
If the test is OK, that mean you will be able to configure nagios to send sms to your phone.
Add a pager to your contact info in /etc/nagios3/conf.d/contacts_nagios2.cfg and set up sms notification mode like:

Well, i can not get a dedicated GSM for my monitoring server right now, in my country there are some providers that purpose some sms services like sending free sms via web to mobile for example meditel.
in the suite we will focus on how to configure nagios to send sms to meditel mobile via a python script.
If your operators is meditel, get meditelsms package :$ git clone git://github.com/mezgani/meditelsms.git.
and now add this following lines to your commands.cfg, change the path of your script in our example i used /home/mezgani/script/sms.py

Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery.
This article explain how to use scalpel to recover deleted files.
on a debian or ubuntu install scalpel.$ sudo aptitude install scalpel
In the config file scalpel.conf you have to define some file types that scalpel will search, in our example we will check for pdf files, so we uncomment these lines:$ sudo vi /etc/scalpel/scalpel.conf
[…]
pdf y 5000000 %PDF %EOF\x0d REVERSE
pdf y 5000000 %PDF %EOF\x0a REVERSE
[…]
First of all make sure that the output directory does not exist, so to recover data from the sda1 partition, we can use scalpel as following:$ sudo scalpel /dev/sda1 -o output
And the result is stored into the output directory with a full audit file.

This article explain the process of booting linux.
The first thing a computer does on start-up is initialize the processor
registers by the central unit after that it runs the contenent stored in flash
memory (ROM) at a specific address, by this way it load the bios (basic input/ouput
system) into memory and do a primer test (POST – Power On Self Test).
This way several devices are tested, including the processor, memory, graphics card and the keyboard.
Here is tested the boot medium (hard disk, floppy unit, CD-ROMs).
After the POST is complete, it is flushed from memory, but the BIOS runtime services remain and are available to the target operating system.
the loader from a ROM loads the boot sector, which in turn loads the operating system from the active partition.
The boot blocks is always at the same place: track 0, cylinder 0, head 0 of the device from which we’re booting.
This block contains a program called loader, which in Linux’s case is LiLo (Linux Loader), or Grub (GNU Grub Unified Boot Loader),
which actually boots the operating system.

When a boot device is found, the first-stage (Master Boot Record) boot loader is loaded into RAM
and executed. This boot loader is less than 512 bytes in length (a single
sector), and its job is to load the second-stage boot loader (Lilo, Grub..).

To see the contents of you MBR, copy the 512 first bytes of your device to
mbr.bin, and you can also see the hexa and ascii contents.
$ dd if=/dev/hda of=mbr.bin bs=512 count 1
$ od -xa mbr.bin
$ file mbr.bin

We will explain step by step the job of the boot loader :

1. When the second-stage boot loader is in RAM and executing, a splash screen is
commonly displayed, and Linux and an optional initial RAM disk (temporary root
file system) initramfs and kernel are loaded into memory. When the images are loaded, the
second-stage boot loader passes control to the kernel image and the kernel.

2. The Linux kernel is compressed, and contains a small bit, which will decompress it.
Immediately after the first step begins the decompression and the loading of the kernel.
a long list of initialization functions are called to set up interrupts,
perform further memory configuration.

3. This initrd serves as a temporary root file system in RAM and allows the
kernel to fully boot without having to mount any physical disks. Since the
necessary modules needed to interface with peripherals can be part of the
initrd, the kernel can be very small, but still support a large number of
possible hardware configurations. After the kernel is booted, the root file
system is pivoted (via pivot_root) where the initrd root file system is
unmounted and the real root file system is mounted.

4. If the kernel detects that your graphics card supports more complex text modes,
Linux allows the usage of them – this can be specified or during the recompilation of the kernel,
or right inside the boot loader, or other program, like rdev.

5. The kernel verifies hardware configuration (floppy drive, hard disk, network adapters, etc)
and configures the drivers for the system.
During this operation, several informative messages are shown to the user.

6. The kernel tries to mount the file system and the system files.
The location of system files is configurable during recompilation, or with other programs – LiLo and rdev.
The file system type is automatically detected. The most used file systems on Linux are ext2 and ext3.
If the mount fails, a so-called kernel panic will occur, and the system will “freeze”.
System files are usually mounted in read-only mode, to permit a verification of them during the mount.
This verification isn’t indicated if the files were mounted in read-write mode.

7. After these steps, the kernel will start init, which will become process number 1, and will start the rest of the
of the system.

The init process

1. It’s Linux’s first process, and parent of all the other processes.
This process is the first running process on any Linux/UNIX system, and is started directly by the kernel.
It is what loads the rest of the system, and always has a PID of 1.

The initialization files in /etc/inittab

2. First time the initialization process (init) examines the file /etc/inittab
to determine what processes have to be launched after.
This file provides init information on runlevels, and on what process should be launched on each runlevel.
After that, init looks up the first line with a sysinit (system initialization)
action and executes the specified command file, in this case /etc/init.d/rcS.
After the execution of the scripts in /etc/init.d/rcS, init starts to launch the processes associated with the initial runlevel.
The most used action in /etc/inittab is wait, which means init executes the command file for a specified runlevel,
and then waits until that level is terminated.

The files in /etc/init.d/rcS

3. The commands defined in /etc/inittab are executed only once, by the init process,
every time when the operating system boots. Usually these scripts are running as a succession of commands,
and usually realise the following:

3.1. Determine whether the system takes part of a network, depending on the content of /etc/sysconfig/network
3.2. Mount /proc, the file system used in Linux to determine the state of the diverse processes.
3.3. Set the system time in fuction to the BIOS settings, as well as realises other settings
(setting of time zone, etc), stabilized and configured during the installation of the system.
3.4. Enables virtual memory, activating and mounting the swap partition, specified in /etc/fstab (File System Table)
3.5. Sets the host name for the network and system wide authentication,
like NIS (Network Information Service), NIS+ (an improved version of NIS), and so on.
3.6. Verifies the root fily system, and if no problems, mounts it.
3.7. Verifies the other file systems specified in /etc/fstab.
3.8. Identifies, if case of, special routines used by the operating system to recognize installed hardware
to configure Plug’n’Play devices, and to activate other prime devices, like the sound card, for example.
3.9. Verifies the state of special disk devices, like RAID (Redundant Array of Inexpensive Disks)
3.10. Mounts all the specified file systems in /etc/fstab.
3.11. Executes other system-specific tasks.

The /etc/rc.d directory

The directory /etc/rc.d/init.d contains all the commands which start or stop services
which are associated with all the execution levels.
All the files in /etc/rc.d/init.d have a short name which describes the services to which they’re associated.
For example, /etc/rc.d/init.d/amd starts and stops the auto mount daemon, which mounts the NFS host and devices anytime when needed.

The login process

After the init process executes all the commands, files and scripts, the last few processes are the /sbin/mingetty ones,
which shows the banner and log-in message of the distribution you have installed. The system is loaded and prepared so the user could log in.

The next few lines in /etc/inittab are specific to the different execution (run-) levels. Every line runs as a single script (/etc/rc.d/rc), which has a number from 1 to 6 as argument to specify the runlevel.
The most used action in /etc/inittab is wait, which means init executes the command file for a specified runlevel, and then waits until that level is terminated.

In the need to make a virtual machine, like what we see with vmware.
there are a magic tool named qemu, it ‘s a free processor emulator created by
Fabrice Bellar.
well, to setup a new machine you have to prepare a partition image named linux.img,
in this example with 1024MB.